Özel HRS Ankara Kadın Hastanesi - Ana Sayfa
KVKK Disclosure Text
Info

KVKK Disclosure Text

HRS SAĞLIK SİSTEMLERİ YATIRIM VE İŞLETMELERİ ANONİM ŞİRKETİ

CLARIFICATION TEXT ON THE PROCESSING OF PERSONAL DATA

This text has been prepared by HRS SAĞLIK SİSTEMLERİ YATIRIM VE İŞLETMELERİ ANONİM ŞİRKETİ (the “Company”) in order to fulfill the obligation to inform regarding the processing of personal data of website visitors and individuals with whom a business relationship is established, within the scope of Article 10 of the Personal Data Protection Law No. 6698 (“KVKK”).

1. IDENTITY OF THE DATA CONTROLLER

Title:
HRS SAĞLIK SİSTEMLERİ YATIRIM VE İŞLETMELERİ ANONİM ŞİRKETİ
Address:
Güvenevler, Güneş Sk. No:14, 06690 Çankaya/Ankara
Phone:
0312 457 6600
E-mail:
Web:

2. PROCESSED PERSONAL DATA, PURPOSE OF PROCESSING AND LEGAL REASON

Your personal data is processed within the scope of the following purposes and legal reasons:

Personal Data Category Purpose of Processing Legal Reason (KVKK Art. 5)
Identity and contact information (name-surname, e-mail, phone) Establishment and execution of the business relationship; execution of contract processes Directly related to the establishment or performance of the contract; fulfillment of a legal obligation
Identity and contact information Execution of corporate communication activities; ensuring business continuity Legitimate interest
Transaction security information (IP address, log records, cookie data) Ensuring the security of the website and information technology infrastructure Legitimate interest; legal obligation
Finance and accounting information Execution of finance and accounting transactions; fulfillment of legal obligations Legal obligation; performance of the contract

3. PURPOSE OF TRANSFERRING PERSONAL DATA AND RECIPIENT GROUPS

Your personal data may be transferred to the following recipient groups in line with the realization of the purposes stated above:

  • Suppliers and business partners: Limited to the purpose of carrying out commercial activities
  • Affiliates and group companies: Limited to the purpose of carrying out joint commercial activities
  • Legally authorized public institutions and organizations (Ministries, courts, tax offices, etc.): Within the scope of obligations arising from the relevant legislation
  • Legally authorized private law persons (independent auditors, notaries, etc.): Within the scope of activities carried out within the legal framework

Your personal data is not transferred abroad.

4. METHOD OF COLLECTING PERSONAL DATA

Your personal data is collected through automatic and non-automatic methods via contact forms on our website, e-mails, phone calls, and business cards submitted in the physical environment.

5. YOUR RIGHTS UNDER KVKK

You have the following rights within the scope of Article 11 of the KVKK:

  • To learn whether your personal data is processed or not
  • To request information if your personal data has been processed
  • To learn the purpose of processing your personal data and whether they are used in accordance with their purpose
  • To know the third parties to whom your personal data is transferred domestically or abroad
  • To request the correction of your personal data if it is incomplete or incorrectly processed
  • To request the deletion or destruction of your personal data
  • To object to the occurrence of a result against you by analyzing the processed data exclusively through automated systems
  • To request compensation for the damage arising from the unlawful processing of your personal data

You can submit your requests to our Company via https://www.hrsankara.com/ or through the e-mail address info@hrsankara.com. Your applications will be concluded free of charge within 30 (thirty) days at the latest.

Update date: April 2026

I have read and understood the clarification text regarding the processing of my personal data. ☐


HRS SAĞLIK SİSTEMLERİ YATIRIM VE İŞLETMELERİ ANONİM ŞİRKETİ

EXPLICIT CONSENT TEXT FOR COMMERCIAL ELECTRONIC MESSAGES

As HRS SAĞLIK SİSTEMLERİ YATIRIM VE İŞLETMELERİ ANONİM ŞİRKETİ (the “Company”), if you provide explicit consent, we would like to process your contact information to send you commercial electronic messages via SMS, e-mail, and/or phone for the purpose of carrying out information, promotion, and campaign processes regarding the health services we offer.

Providing explicit consent is entirely at your own free will. If you do not give consent, your use of our other services will not be affected. You can withdraw your explicit consent at any time.


For the processing and sharing of my personal data for the purpose of sending commercial electronic messages

I give explicit consent

I do not give explicit consent

Name-Surname / Signature / Date


Composite Full Text.

PERSONAL DATA PROTECTION AND PROCESSING POLICY

INFORMATION FORM

Document Name:
HRS SAĞLIK SİSTEMLERİ YATIRIM VE İŞLETMELERİ A.Ş. Personal Data Protection and Processing Policy
Target Audience:
All real persons other than the employees of HRS SAĞLIK SİSTEMLERİ YATIRIM VE İŞLETMELERİ A.Ş. whose personal data is processed by HRS SAĞLIK SİSTEMLERİ YATIRIM VE İŞLETMELERİ A.Ş.
Prepared By:
HRS SAĞLIK SİSTEMLERİ YATIRIM VE İŞLETMELERİ A.Ş. Personal Data Protection Committee
Effective Date:
03/09/2024

In the event of a conflict between the Turkish version in which the Policy was prepared and any translation version, the Turkish text shall be taken into consideration.

© HRS SAĞLIK SİSTEMLERİ YATIRIM VE İŞLETMELERİ A.Ş.

This document may not be reproduced or distributed without the written permission of HRS SAĞLIK SİSTEMLERİ YATIRIM VE İŞLETMELERİ A.Ş.

CONTENTS

1. SECTION 1 – INTRODUCTION 3
1.1. INTRODUCTION 3
1.2. SCOPE 3
1.3. APPLICATION OF THE POLICY AND RELEVANT LEGISLATION 3
1.4. EFFECTIVENESS OF THE POLICY 3
2. SECTION 2 – MATTERS REGARDING THE PROTECTION OF PERSONAL DATA 4
2.1. ENSURING THE SECURITY OF PERSONAL DATA 4
2.2. PROTECTION OF SPECIAL CATEGORY PERSONAL DATA 4
2.3. INCREASING AWARENESS AND AUDITING OF BUSINESS UNITS REGARDING THE PROTECTION AND PROCESSING OF PERSONAL DATA 4
3. SECTION 3 – MATTERS REGARDING THE PROCESSING OF PERSONAL DATA 5
3.1. PROCESSING PERSONAL DATA IN ACCORDANCE WITH THE PRINCIPLES FORESEEN IN THE LEGISLATION 5
3.2. CONDITIONS FOR PROCESSING PERSONAL DATA 5
3.3. PROCESSING OF SPECIAL CATEGORY PERSONAL DATA 6
3.4. INFORMING THE RELEVANT PERSON 7
3.5. TRANSFER OF PERSONAL DATA 7
4. SECTION 4 – CATEGORIZATION AND PURPOSES OF PROCESSING PERSONAL DATA PROCESSED BY OUR COMPANY 8
5. SECTION 5 – RETENTION AND DESTRUCTION OF PERSONAL DATA 8
6. SECTION 6 - RIGHTS OF THE RELEVANT PERSON AND EXERCISE OF THESE RIGHTS 9
6.1. RIGHTS OF THE RELEVANT PERSON 9
6.2. EXERCISE OF THE RIGHTS BY THE RELEVANT PERSON 9
6.3. OUR COMPANY'S RESPONSE TO APPLICATIONS 9
ANNEX 1 – Purposes of Personal Data Processing 10
ANNEX 2 – Relevant Person 12
ANNEX 3 – Personal Data Categories 13
ANNEX 4 – Third Parties to Whom Personal Data is Transferred by Our Company and the Purposes of Transfer 15

1. SECTION 1 – INTRODUCTION

1.1. INTRODUCTION

As HRS SAĞLIK SİSTEMLERİ YATIRIM VE İŞLETMELERİ A.Ş. ("HRS" or "Company"), one of our most important priorities within the scope of our business activities is the protection of personal data. Within the framework of this HRS SAĞLIK SİSTEMLERİ YATIRIM VE İŞLETMELERİ A.Ş. Personal Data Protection and Processing Policy ("Policy"), the principles adopted in the execution of the personal data processing activities carried out by our Company and the basic principles adopted in terms of the compliance of our Company's data processing activities with the regulations contained in the Personal Data Protection Law No. 6698 ("Law") are explained, and detailed information regarding all personal data processing activities carried out by our Company is presented, thereby providing the necessary transparency by informing the relevant persons. With full awareness of our responsibility in this context, your personal data is processed and protected within the scope of this Policy.

The activities carried out by our Company regarding the protection of the personal data of our employees are managed under the HRS SAĞLIK SİSTEMLERİ YATIRIM VE İŞLETMELERİ A.Ş. Employees Personal Data Protection and Processing Policy, which was drafted in parallel with the principles in this Policy.

1.2. SCOPE

This Policy relates to all personal data of persons other than our Company's employees processed by the Company through automatic means or non-automatic means provided that they are part of any data recording system. Detailed information about the persons to whom such personal data relate can be found in ANNEX 2 ("ANNEX 2- Relevant Persons") of this Policy.

1.3. APPLICATION OF THE POLICY AND RELEVANT LEGISLATION

The relevant legal regulations in force regarding the processing and protection of personal data will primarily find application. In case of any conflict between the applicable legislation and the Policy, our Company accepts that the applicable legislation will find application. The Policy embodies and regulates the rules set out by the relevant legislation within the scope of Company practices.

1.4. EFFECTIVENESS OF THE POLICY

This Policy, issued by our Company, is dated 03/09/2024.

In the event that the entire Policy or specific articles thereof are renewed, the effective date of the Policy will be updated.

2. SECTION 2 – MATTERS REGARDING THE PROTECTION OF PERSONAL DATA

2.1. ENSURING THE SECURITY OF PERSONAL DATA

In accordance with Article 12 of the Law, our Company takes the necessary measures according to the nature of the personal data in order to prevent unlawful processing, access, transfer of personal data, or security deficiencies that may occur in other ways, and to ensure its preservation. In this context, our Company takes necessary administrative measures, conducts, or has audits conducted in order to provide the necessary level of security in accordance with the guidelines published by the Personal Data Protection Board ("Board").

2.2. PROTECTION OF SPECIAL CATEGORY PERSONAL DATA

Special importance is attributed to sensitive personal data within the scope of the Law due to the risk of causing victimization or discrimination if processed unlawfully. In accordance with Article 6 of the Law, "special category" personal data; data relating to race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, clothing and attire, membership to associations, foundations or trade unions, criminal conviction and security measures, and biometric and genetic data ("Special category personal data other than health and sexual life"), and data relating to health and sexual life ("Special category personal data relating to health and sexual life") have been determined.

The technical and administrative measures taken by our Company for the protection of personal data are taken within the scope explained in the Special Category Personal Data Processing and Security Policy, within the framework of the adequate measures stipulated in the Board's Decision dated 31/01/2018 and numbered 2018/10 regarding special category personal data, and the studies carried out in this direction are monitored and audited within the framework of the audits conducted within our Company.

Detailed information regarding the processing of special category personal data is included in section 3.3 of this Policy.

2.3. INCREASING AWARENESS AND AUDITING OF BUSINESS UNITS REGARDING THE PROTECTION AND PROCESSING OF PERSONAL DATA

Our Company ensures that necessary trainings are organized for business units in order to increase awareness towards preventing the unlawful processing of personal data, preventing unlawful access to data, and ensuring the preservation of data. Training and awareness studies organized by the Company are created based on the "Personal Data Security Guide" published on the official website by the Board.

Through the trainings and awareness studies conducted, it is aimed to ensure that the personal data processing activities during the performance of the employees' business duties are carried out in accordance with the Law and secondary legislation by our Company.

Our Company establishes the necessary systems for our existing employees and newly joining employees to form awareness regarding the protection of personal data, and works with consultants if needed in this regard. Accordingly, our Company evaluates the participation in relevant trainings, seminars, and information sessions and organizes new trainings in parallel with the updating of the relevant legislation.

3. SECTION 3 – MATTERS REGARDING THE PROCESSING OF PERSONAL DATA

3.1. PROCESSING PERSONAL DATA IN ACCORDANCE WITH THE PRINCIPLES FORESEEN IN THE LEGISLATION

3.1.1. Processing in Compliance with the Law and Good Faith

Personal data is processed in accordance with the general trust and good faith rule in a way that does not harm individuals' fundamental rights and freedoms. In this framework, personal data is processed to the extent required by our Company's business activities and limited to them.

3.1.2. Ensuring Personal Data is Accurate and Up-to-Date when Necessary

Our Company takes necessary precautions to ensure that personal data is accurate and up-to-date throughout the period it is processed and establishes necessary mechanisms to ensure the accuracy and up-to-dateness of personal data at certain periods.

3.1.3. Processing for Specific, Explicit, and Legitimate Purposes

Our Company explicitly reveals the purposes for processing personal data and processes it within the scope of purposes connected with these activities in line with its business activities.

3.1.4. Being Relevant, Limited, and Proportionate to the Purpose for which they are Processed

Our Company collects personal data only in the quality and measure required by its business activities and processes it limited to the determined purposes.

3.1.5. Retention for the Period Foreseen in the Relevant Legislation or Required for the Purpose for which they are Processed

Our Company retains personal data for the period necessary for the purpose for which they are processed and for the minimum period stipulated in the relevant legal legislation. In this context, our Company first determines whether a period is stipulated for the retention of personal data in the relevant legislation, and acts in accordance with this period if a period is determined. If a legal period does not exist, personal data is kept for the period necessary for the purpose for which they are processed. At the end of the determined retention periods, personal data is destroyed in accordance with the periodic destruction periods or the application of the relevant person and by the determined destruction methods (deletion and/or destruction and/or anonymization).

3.2. CONDITIONS FOR PROCESSING PERSONAL DATA

Unless the relevant person gives explicit consent, the basis of the personal data processing activity can be only one of the conditions stated below, or more than one condition can be the basis of the same personal data processing activity. In case the processed data is special category personal data, the conditions included under the heading 3.3 of this Policy ("Processing of Special Category Personal Data") will apply.

(i) Existence of the Explicit Consent of the Relevant Person
One of the conditions for processing personal data is the explicit consent of the relevant person. The explicit consent of the relevant person must be disclosed for a specific subject, based on information and free will.

In the presence of the following personal data processing conditions, personal data may be processed without the need for the explicit consent of the relevant person.

(ii) Explicitly Foreseen in Laws
If the personal data of the relevant person is explicitly stipulated in the law, in other words, if there is a clear provision in the relevant law regarding the processing of personal data, it will be possible to mention the existence of this data processing condition.

(iii) Inability to Obtain Explicit Consent of the Relevant Person due to Actual Impossibility
If it is mandatory to process the personal data of the relevant person to protect their own or someone else's life or physical integrity in cases where the person cannot express consent due to actual impossibility or whose consent is not granted legal validity, their personal data can be processed.

(iv) Direct Relationship with the Establishment or Performance of a Contract
If it is necessary to process personal data, provided that it is directly related to the establishment or performance of a contract to which the relevant person is a party, this condition can be deemed fulfilled.

(v) Fulfillment of the Company's Legal Obligation
If the processing is mandatory for our Company to fulfill its legal obligations, the personal data of the relevant person can be processed.

(vi) The Relevant Person Making their Personal Data Public
If the relevant person has made their personal data public, the relevant personal data can be processed limited to the purpose of making it public.

(vii) Data Processing being Mandatory for the Establishment, Exercise or Protection of a Right
If data processing is mandatory for the establishment, exercise or protection of a right, the personal data of the relevant person can be processed.

(viii) Data Processing being Mandatory for the Legitimate Interests of our Company
Provided that it does not harm the fundamental rights and freedoms of the relevant person, if data processing is mandatory for the legitimate interests of our Company, the personal data of the relevant person can be processed.

3.3. PROCESSING OF SPECIAL CATEGORY PERSONAL DATA

Special category personal data is processed by our Company in accordance with the principles set forth in this Policy, by taking the administrative and technical measures with the methods explained in the Special Category Personal Data Processing and Security Policy, and under the presence of the following conditions:

(i) Special category personal data other than health and sexual life may be processed without seeking the explicit consent of the relevant person if it is explicitly stipulated in the laws, in other words, if there is a clear provision regarding the processing of personal data in the relevant law. Otherwise, the explicit consent of the relevant person will be obtained.

(ii) Special category personal data regarding health and sexual life may be processed without seeking explicit consent by persons subject to the obligation of confidentiality or competent institutions and organizations for the purpose of protecting public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing. Otherwise, the explicit consent of the relevant person will be obtained.

3.4. INFORMING THE PERSONAL DATA SUBJECT

Our Company, in accordance with Article 10 of the Law and secondary legislation, informs the relevant persons about by whom their personal data is processed as a data controller, for what purposes, with whom it is shared for what purposes, by what methods it is collected, and its legal reason, as well as the rights the relevant persons have regarding the processing of their personal data.

3.5. TRANSFER OF PERSONAL DATA

Our Company can transfer the personal data and special category data of the relevant person to third parties (third-party companies, group companies, third real persons) by taking the necessary security measures in line with lawful personal data processing purposes. Our Company acts in accordance with the regulations stipulated in Article 8 of the Law in this regard. Detailed information on this subject can be accessed from ANNEX 4 ("ANNEX 4- Third Parties to Whom Personal Data is Transferred by Our Company and the Purposes of Transfer") of this Policy.

3.5.1. Transferring Personal Data to Third Parties Residing Domestically

Even without the consent of the relevant person, if one or more of the data processing conditions ("Data Processing Conditions") specified below exist, personal data may be transferred to third parties by our Company by showing due care and taking all necessary security measures, including the methods prescribed by the Board.

  • If the relevant activities regarding the transfer of personal data are explicitly stipulated in the laws,
  • If the transfer of personal data by the Company is directly related and necessary for the establishment or performance of a contract,
  • If the transfer of personal data is mandatory for our Company to fulfill its legal obligation,
  • Provided that personal data has been made public by the relevant person, transferring it by our Company in a limited manner for the purpose of making it public,
  • If the transfer of personal data by the Company is mandatory for the establishment, exercise or protection of the rights of the Company, the relevant person, or third parties,
  • Provided that it does not harm the fundamental rights and freedoms of the relevant person, if the personal data transfer activity is mandatory for the legitimate interests of the Company,
  • If it is mandatory to protect the life or physical integrity of the person who is unable to express their consent due to actual impossibility or whose consent is not granted legal validity, or of another person.
3.5.2. Transferring Personal Data to Third Parties Residing Abroad

The transfer of personal data abroad by our Company will be carried out in the direction explained below, depending on whether the country to which the transfer will be made is one of the safe countries to be determined by the Board.

In the event that the country to which the transfer will be made is not one of the safe countries with adequate protection declared by the Board; personal data can be transferred to third parties abroad in the presence of at least one of the Data Processing Conditions and in accordance with the fundamental principles specified in Article 4 of the Law in the following cases.

  • In the presence of the explicit consent of the relevant person,
  • If the Company and the data recipient in the relevant country commit to adequate protection in writing, and the permission of the Board for the relevant transfer is obtained.

In the event that the country to which the transfer will be made is one of the safe countries with adequate protection declared by the Board; personal data may be transferred in the presence of any of the Data Processing Conditions.

3.5.3. Transfer of Special Category Personal Data

Special category personal data may be transferred by our Company in accordance with the principles set forth in this Policy, by taking administrative and technical measures with the methods explained in the Special Category Personal Data Processing and Security Policy, and under the presence of the following conditions:

(i) Special category personal data other than health and sexual life may be processed without seeking the explicit consent of the relevant person if it is explicitly stipulated in the laws, in other words, if there is a clear provision regarding the processing of personal data in the relevant law. Otherwise, the explicit consent of the relevant person will be obtained.

(ii) Special category personal data regarding health and sexual life may be processed without seeking explicit consent by persons subject to the obligation of confidentiality or competent institutions and organizations for the purpose of protecting public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing. Otherwise, the explicit consent of the relevant person will be obtained.

4. SECTION 4 – CATEGORIZATION AND PURPOSES OF PROCESSING PERSONAL DATA PROCESSED BY OUR COMPANY

Before our Company, personal data is processed in accordance with the general principles specified in the Law, primarily the principles specified in Article 4 of the Law regarding the processing of personal data, based on and limited to at least one of the Data Processing Conditions, in line with the personal data processing purposes that arise within the framework of the execution of our Company's business activities. Detailed information regarding the said personal data processing purposes is available in ANNEX 1 ("ANNEX 1- Purposes of Personal Data Processing") of the Policy.

The categories of personal data processed by our Company within the framework of the execution of business activities and detailed information about the categories can be found in ANNEX 3 ("ANNEX 3- Personal Data Categories") of the Policy.

5. SECTION 5 – RETENTION AND DESTRUCTION OF PERSONAL DATA

Our Company retains personal data for the period necessary for the purpose for which they are processed and for the minimum period stipulated in the relevant legal legislation. Our Company first determines whether a period is stipulated for the retention of personal data in the relevant legislation, and acts in accordance with this period if a period is determined. If a legal period does not exist, personal data is kept for the period necessary for the purpose for which they are processed.

Personal data processed by our Company is handled on a categorical basis, and maximum data retention periods have been determined for each personal data category in line with the relevant data processing process. The aforementioned periods are set out in the table in our Company's Personal Data Retention and Destruction Policy. Personal data is destroyed at the end of the determined maximum retention periods in accordance with the periodic destruction periods or the application of the relevant person and by the determined destruction methods (deletion and/or destruction and/or anonymization).

6. SECTION 6- RIGHTS OF THE RELEVANT PERSONS AND EXERCISE OF THESE RIGHTS

6.1. RIGHTS OF THE RELEVANT PERSON

Relevant persons have the following rights:

(1) To learn whether their personal data is processed or not,

(2) To request information if their personal data has been processed,

(3) To learn the purpose of processing their personal data and whether they are used in accordance with their purpose,

(4) To know the third parties to whom their personal data is transferred domestically or abroad,

(5) To request the correction of their personal data if it is incomplete or incorrectly processed, and to request that the transaction carried out in this context be notified to third parties to whom the personal data is transferred,

(6) To request the deletion or destruction of their personal data in the event that the reasons requiring its processing disappear, although it has been processed in accordance with the provisions of the Law and other relevant laws, and to request that the transaction carried out in this context be notified to the third parties to whom the personal data is transferred,

(7) To object to the occurrence of a result against the person themselves by analyzing the processed data exclusively through automated systems,

(8) To request compensation for the damage in case they suffer damage due to the unlawful processing of their personal data.

6.2. EXERCISE OF THE RIGHTS BY THE RELEVANT PERSON

Relevant persons will be able to submit their requests regarding their rights listed in Section 6.1 ("Rights of the Relevant Person") to our Company using the methods determined by the Board. In this direction, they can use the "Relevant Person Application Form" accessible at https://hrsankara.com.

6.3. OUR COMPANY'S RESPONSE TO APPLICATIONS

Our Company takes the necessary administrative and technical measures to conclude applications made by the relevant person in accordance with the Law and secondary legislation.

If the relevant person submits their request regarding the rights included in Section 6.1 ("Rights of the Personal Relevant Person") to our Company in accordance with the procedure, our Company will conclude the relevant request free of charge as soon as possible and within 30 (thirty) days at the latest, depending on the nature of the request. However, if the transaction requires an additional cost, a fee may be charged in accordance with the tariff determined by the Board.


ANNEX 1 – Purposes of Personal Data Processing

MAIN PURPOSES (PRIMARY) SUB PURPOSES (SECONDARY)
Planning and executing our company's human resources policies and processes Planning human resources processes
Execution of personnel procurement processes
Planning and executing fringe benefits and interests for employees
Wage management
Planning and monitoring employee performance evaluation processes
Fulfilling obligations arising from employment contracts and legislation for employees
Execution of the wage policy
Execution of employee satisfaction and loyalty processes
Execution of employee candidate application processes
Planning and/or executing in-company training activities
Carrying out the necessary studies by our relevant business units and executing the related business processes for the realization of the commercial activities carried out by the Company Planning and executing corporate communication activities
Tracking finance and accounting affairs
Planning and/or executing activities to ensure business continuity
Planning and executing business activities
Establishing and managing the information technologies infrastructure
Planning and executing the commercial and/or business strategies of the Company Planning and executing external training activities
Ensuring the legal, technical, and commercial-occupational security of the Company and the relevant persons engaged in a business relationship with the Company Planning and executing necessary operational activities to ensure that company activities are carried out in accordance with company procedures and relevant legislation
Providing legislation-based information to authorized organizations
Ensuring the security of company campuses and facilities

ANNEX 2 – Relevant Persons

RELEVANT PERSON CATEGORIES DESCRIPTION
Corporate Customer Real persons who use or have used the services offered by our Company, regardless of whether they have a contractual relationship with our Company
Inventor/Entrepreneur Real persons who share their projects or technological initiatives with our Company within the scope of the services offered by our Company
Visitor Real persons who have entered the physical campuses owned by our Company for various purposes or visit our websites
Third Party Third-party real persons connected to these persons to ensure commercial transaction security between our Company and the above-mentioned parties or to protect the rights and provide benefits of the aforementioned persons (E.g. family members and relatives) or other real persons not covered by this Policy and the İnventram Intellectual Property Rights Management Trade and Investment Joint Stock Company Employees Personal Data Protection and Processing Policy
Employee Candidate Real persons who have applied for a job to our company by any means or have opened their resume and related information for our company's review (including intern candidates)
Company Shareholder Real persons who are shareholders of our Company
Company Official Our Company's board members and other authorized real persons
Employees, Shareholders, and Officials of the Institutions We Collaborate With Real persons, including employees, shareholders, and officials of institutions with which our Company has any kind of business relationship (such as business partners, suppliers, but not limited to these)

ANNEX 3 – Personal Data Categories

PERSONAL DATA CATEGORIES DESCRIPTION
Identity Information Data containing information about the identity of the person; information such as name-surname, T.R. identity number, nationality information, place of birth, date of birth, gender, workplace information, registration no., tax number, title, biography, etc., and documents such as driver's license, professional ID, identity card, and passport
Contact Information Phone number, address, e-mail, fax number
Family Members and Relatives Information Information about the family members and relatives of the relevant person within the framework of our Company operations and regarding the products and services we offer, or in order to protect the legal and other interests of the Company and the relevant person
Physical Space Security Information Personal data regarding the records and documents taken upon entering the physical space and during the stay inside the physical space; camera records, vehicle information records, and records taken at the security point, etc.
Transaction Security Information Your personal data processed to ensure our technical, administrative, legal, and commercial security during the execution of our activities (e.g., log records, IP information, authentication information)
Financial Information Personal data processed regarding information, documents, and records showing all kinds of financial results created according to the type of legal relationship our Company has established with the relevant person, and data such as bank account number, IBAN number, income information, debt/credit information
Employee Candidate Information Resume information of our employee and/or intern candidates who have applied for a job to our company by any means
Special Category Personal Data Data related to individuals' race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, clothing and attire, membership to associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data
Request/Complaint Management Information Personal data regarding the receipt and evaluation of all kinds of requests or complaints directed to our company
Audio-Visual Data Photographs and camera records (excluding records falling under Physical Space Security Information) and voice records
Audit and Inspection Information Personal data processed regarding the execution of our Company's operational, financial, fraud, and compliance audit activities
Legal Process and Compliance Personal data processed within the scope of the determination, pursuit of our legal receivables and rights, and the performance of our debts, as well as our legal obligations and compliance with our Company's policies
Transaction Information Data such as survey information, declaration information, shopping information, call center records, membership information, cookie records processed within the framework of the activities carried out by our Company, related to the products or services offered or to protect the legal and other interests of the Company and the relevant person

ANNEX 4 – Third Parties to Whom Personal Data is Transferred by Our Company and the Purposes of Transfer

In accordance with Articles 8 and 9 of the Law, our Company may transfer the personal data of the relevant persons specified in this Policy to the third-party categories listed below:

  • (i) Business Partners
  • (ii) Suppliers
  • (iii) Affiliates
  • (iv) Shareholders
  • (v) Legally Authorized Private Law Persons
  • (vi) Legally Authorized Public Institutions and Organizations
  • (vii) Group Companies
  • (viii) Company Board Members

The scope of the above-mentioned persons to whom the transfer is made and the data transfer purposes are specified below.

Persons to Whom Data Can Be Transferred Definition Purpose of Data Transfer
Business / Solution Partner
  • Parties providing services to our Company for the purpose of performing fiscal and financial transactions
  • Parties providing services to our Company within the scope of receiving travel planning services related to business travels and organizations
Limited to ensuring the fulfillment of the establishment purposes of the business partnership
Supplier Parties providing services to our Company in line with our Company's data processing purposes and instructions within the scope of the execution of our Company's commercial activities Limited to ensuring the acquisition of the services provided externally by our Company and necessary to carry out its commercial activities
Affiliates Companies of which our Company is a shareholder and controls Limited to ensuring the execution of our Company's commercial activities that also require the participation of affiliates
Legally Authorized Public Institutions and Organizations Public institutions and organizations authorized to receive information and documents from our Company according to the provisions of the relevant legislation (For example; Ministries, Tax offices, Courts, Trade Registry, etc.) Limited to the purpose requested by the relevant public institutions and organizations within their legal authority
Legally Authorized Private Law Persons Refers to institutions or organizations established in accordance with specific conditions legally determined in accordance with the provisions of the relevant legislation and continuing their activities within the framework determined by the law (For example; independent auditors, notaries). Personal data is shared limited to the issues falling within the scope of the activities carried out by the relevant private institutions and organizations.
Company Board Members Company Board Members Limited to the purpose of carrying out the activities of the Company Board of Directors